It’s no secret that careers in IT are always in high demand, with technology occupying an ever-increasing space of our lives, dancing to the tune of Moores’s law and AI developments. But there’s the flip side: the more we depend on technology, the higher the risks, and that’s where a similar (some say stronger) push for careers in cybersecurity exists.
For every platform that simplifies IT management for hundreds of thousands of companies worldwide efficiency, there’s a single attack that compromises them all at once and the need for hundreds of thousands of cybersec professionals.
To raise awareness and a more extensive discussion around this issue, the National Cybersecurity Alliance established, as part of the Cybersecurity Awareness Month, that Week 3 of October would be #CyberCareerWeek. So let’s chat a little about why there is such a large gap for careers in cybersecurity.
Careers in Cybersecurity are plenty, but…
In the US, the cybersecurity labor shortage is estimated at almost 400,000 workers, which would join another 800,000 in the workforce. It’s a large gap to fill in very little time, and the global numbers are even scarier: a shortage of over 3 million cyber workers, aggravated by COVID-19 hiring freezes.
And in the meantime, threats are escalating, cyberattackers are more organized, global, and sometimes backed by foreign governments. That side of the workforce is only growing larger and more organized.
So, the first challenge in promoting careers in cybersecurity is that the threats grow faster than the opportunities. And from that, another sad reality arises: burnout is a recurrent issue among professionals.
And, as a combination of the first two, a stressful career has no appeal for younger generations. Other tech-driven choices offer smoother paths, just as rewarding.
In the subject of smoother paths, the urgency of cybersecurity careers merges with the trade demands: organizations have difficulty finding candidates with the qualifications they need because the skills bar is high. There are not enough people with the certifications necessary to throw their hats in the ring.
How can organizations support careers in cybersecurity?
There are no two ways about it: organizations need skilled cybersecurity pros, and at the same time, the challenges, the market, and themselves are setting the bar high. So, what steps do organizations need to take to ensure they attract and retain the right talent?
What are your requirements?
Where are you most vulnerable? What is your threat landscape? What regulatory and compliance mandates do you have to follow? Does your industry provide a higher threat level (i.e., government), and where? These questions will help you assess the kind of professional you need and the skills you are looking for.
Mix and match cybersecurity career levels
Combine different careers in cybersecurity, bringing newly-graduated professionals with seasoned ones, so there is a skill transfer, a better distribution of the workload (reducing burnout), and improved communication across the department.
Seize apprenticeship opportunities
Take advantage of tax benefits for apprentices, and nurture talent that you can help develop. Future professionals that develop careers in cybersecurity in your environment can be your future leaders.
Support mental health initiatives
Of course, mental health is essential for every level of every organization. However, it is urgent for careers in cybersecurity with the scenarios we described and the necessity for such professionals. Promote programs that foster mental health, make sure burnout is identified and mitigated at its root, and create a work environment where these conversations are not shut out.
Address human risk
Suppose you have a workforce ready to mitigate threats. In that case, you are investing in reducing the workload of a significant part of your cybersecurity team, mitigating threats before they turn into incident response. Careers in cybersecurity awareness are also available and vital for securing organizations.
During the Front Lines, our Cybersecurity Awareness Month annual event, we will address the cybersecurity skills gap and how organizations and security leaders can address the issue. Register today by clicking on the banner below.
Some resources to support Cybersecurity Career decisions
For week 3 of Cybersecurity Awareness Month, the National Institute of Standards and Technology created a cybersecurity career path tool. It is a helpful resource to draw career paths and determine which necessary certifications, the salary offers, and the skills requested to thrive.
The Cybersecurity and Infrastructure Security Agency (CISA) has an Education & Career Page with resources that help candidates for careers in cybersecurity to map their pathways to get the necessary certifications based on their desired positions.
Organizations like the Cybersecurity Gatebreakers Foundation connect employers with entry-level cybersecurity professionals. They educate organizations on the advantages of developing new talent, skipping impossible-to-reach requirements that are not necessary for many of the tasks in cybersecurity.
Public Infrastructure Security Cyber Education Systems is a non-profit dedicated to supporting small cities and counties with security monitoring while offering students their first, hands-on contact with cybersecurity tasks.
Recently, as part of the White House initiatives to mitigate cyberattacks and fortify the critical infrastructure, the Girls Who Code organization announced a partnership with CISA to help young women pursue careers in cybersecurity. In the same pack of initiatives, IBM announced a partnership with “20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to build a more diverse U.S. cyber workforce”
There’s a severe labor shortage, made more challenging by the persistent threat of cyberattackers. Non-profits and governments are trying to fill the gap with education. Still, generational issues and the time it takes to develop a capable workforce fully make it even more complex.
Organizations have to step up, nurturing cyber talents and creating the foundation so newcomers can join in the ranks and increase resilience that defends private and public sectors, customers, and citizens alike.